Package: request-tracker4 / 4.2.8-3
Metadata
Package | Version | Patches format |
---|---|---|
request-tracker4 | 4.2.8-3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
layout.diff | config.layout: 29 29 + 0 - 0 ! | add debian layout (fhs-compatible) |
sitemodules.diff | lib/RT/Interface/Web/Handler.pm: 1 1 + 0 - 0 ! | use rt_sitemodules.pm in lib/rt/interface/web/handler.pm |
rt_setup_database_upgrade_basedir.diff | sbin/rt-setup-database.in: 2 1 + 1 - 0 ! | fix relative references to config path |
no_testdeps.diff | Makefile.in: 2 1 + 1 - 0 ! | don't run the testdeps portion of configuration |
sanity check stylesheets_shebang.diff | etc/upgrade/sanity-check-stylesheets.pl: 1 1 + 0 - 0 ! | add missing interpreter to etc/upgrade/sanity-check-stylesheets.pl. We install these scripts executable, so they need to have a valid interpreter. Bug: http://issues.bestpractical.com/Ticket/Display.html?id=18856 |
debianize_backup_docs.diff | docs/backups.pod: 43 31 + 12 - 0 ! | customise backup docs for debian |
debianize_docs_local.diff | docs/customizing/styling_rt.pod: 6 3 + 3 - 0 ! | reference correct local directory for debian |
no_test_web_installer.diff | t/web/installer.t: 2 2 + 0 - 0 ! | don't test the web installer. The following undiagnosed test failure in the Debian minimal build environment occurs: # Failed test 'no warnings' # at lib/RT/Test.pm line 1611. # There were 2 warning(s) # Previous test 22 'set admin email' # There is no form with the requested fields at t/web/installer.t line 80 # at /usr/share/perl5/WWW/Mechanize.pm line 2745 # WWW::Mechanize::_warn('There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 2723 # WWW::Mechanize::warn('RT::Test::Web=HASH(0x586d0f0)', 'There is no form with the requested fields') called at /usr/share/perl5/WWW/Mechanize.pm line 1371 However the web installer is not used in the Debian package, so don't run the test. |
fix_lintian_privacy_break_logo_error.diff | share/html/index.html: 6 3 + 3 - 0 ! | don't include remote image references or redirects in broken install page. This fixes the lintian error privacy-breach-logo |
debianize_UPGRADING 4.2.diff | docs/UPGRADING-4.2: 6 3 + 3 - 0 ! | debianize upgrading-4.2 |
font_path.diff | etc/RT_Config.pm.in: 8 4 + 4 - 0 ! | use the configured font path (from layout), rather than hardcoding it. RT already allows configuring an explicit font path; respect it. Fixes I#29794. Bug: http://issues.bestpractical.com/Ticket/Display.html?id=29794 Bug-Debian: http://bugs.debian.org/746150 |
assettracker sysgroups.diff | etc/upgrade/4.1.0/schema.SQLite: 3 3 + 0 - 0 ! | fix upgrade problems caused by an rtx::assettracker installation bug. The setup of the wheezy rt4-extension-assettracker package (RTx::AssetTracker 2.0.0b2) accidentally inserted two pairs of system role accounts, causing upgrade failures on SQLite backends due to uniqueness constraint violations. Bug-Debian: https://bugs.debian.org/773343 |
sec 2015 02 05 1.diff | lib/RT.pm: 1 1 + 0 - 0 ! | hide utf8 warnings during attempted decoding. EncodeFromToWithCroak is used to exploratorily attempt to decode unknown byte strings. This operation, under Encode::FB_DEFAULT, may generate warnings -- lots of warnings. This can lead to denial of service in some situations. This vulnerability has been assigned CVE-2014-9472. Unfortunately, "no warnings 'utf8'" does not work to quiet them until Encode 2.64; simply skip warnings of this type in the logging handler. |
sec 2015 02 05 2.diff | share/html/Search/Elements/ResultsRSSView: 9 8 + 1 - 0 ! | prevent text content from being interpreted as html by rss clients. The ->Content method is used to obtain the data to use in the RSS <description> tag. However, most RSS feed readers display the contents of the <description> tag using a HTML rendering engine; this allows textual content to be mistakenly rendered as HTML. This specifically includes links, which RSS readers may not hide the "Referer" header of, exposing the RSS feed URL and thus allowing for information disclosure. This vulnerability has been assigned CVE-2015-1165. Escape the textual content so that it is not interpreted as HTML by RSS readers. This is superior to requesting ->Content( Type => "text/html" ) because it is guaranteed to not contain links, and thus not suffer from the above Referer disclosure. |
sec 2015 02 05 3.diff | share/html/Search/Elements/ResultsRSSView: 11 4 + 7 - 0 ! | never place the temporary current user in the session |